
Diffie-Hellman protocol-based iSCSI protocol security enhancement method

A protocol security technology, applied in the field of data security, that addresses password leakage, the difficulty of fine-grained access control for each originator, and the inability to revoke an originator's access rights, achieving reduced impact and simple, efficient authorization and authentication.

Active Publication Date: 2018-05-01
BEIJING INST OF COMP TECH & APPL

AI Technical Summary

Problems solved by technology

Although the above two access control mechanisms extended by the iSCSI protocol solve the problem of password leakage in CHAP authentication, these two mechanisms require multiple encryption and decryption operations on the target side to determine whether to allow the login request from the originating side.
In addition, neither of these two mechanisms can revoke the originator's access to logged-in storage resources, and it is difficult to implement fine-grained access control for each originator.


Embodiment Construction

[0065] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0066] The iSCSI protocol security enhancement method of the present invention, based on the improved Diffie-Hellman protocol, includes two authentications: identity authentication based on public key certificates and authorization authentication based on capability certificates. When performing the first authentication, the originating end first sends the request and the public key certificate to the authentication server. The authentication server uses the public key certificate to complete the identity authentication of the originating end and, on this basis, after judging from its stored access control list that the request is legal, issues a capability certificate to the originator. When performing the se...


Abstract

The invention discloses a Diffie-Hellman protocol-based iSCSI protocol security enhancement method. The method comprises the steps that an originating terminal sends a public key certificate, a request and a digital signature of the originating terminal to an authentication server; the authentication server authenticates the identity of the originating terminal and authorizes the request; the authentication server sends both a ciphertext and a public part of the certificate to the originating terminal of the request, wherein the ciphertext is obtained by encrypting a private part of the certificate by a public key of the originating terminal; the originating terminal calculates a message verification code and sends both the message verification code and the public part of the certificate to a designated target terminal; the target terminal receives the verification code and the public part of the certificate and then authorizes the request of the originating terminal; the target terminal responds to the request of the originating terminal according to an authorization result; and used shared secret keys are refreshed one by one regularly.
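The capability check described in the abstract, as an added sketch that is not code from the patent. The abstract does not say how the certificate's private part is derived, so this assumes it is an HMAC of the public part under the key shared by the authentication server and the target; the public-key encryption of the private part in transit is omitted, and all names and sample values are constructed.

```python
import hashlib
import hmac
import json
import os

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def issue_capability(shared_key: bytes, initiator: str, lun: int, rights: list):
    """Authentication server: public part lists the granted rights;
    private part = HMAC(shared_key, public part) (assumed derivation)."""
    public = json.dumps({"initiator": initiator, "lun": lun,
                         "rights": sorted(rights)}, sort_keys=True).encode()
    return public, _mac(shared_key, public)

def sign_request(private: bytes, request: bytes) -> bytes:
    """Originating terminal: message verification code keyed by the private part."""
    return _mac(private, request)

def target_authorize(shared_key: bytes, public: bytes, request: bytes, code: bytes) -> bool:
    """Target: re-derive the private part, verify the code, then check rights.
    Only two HMACs are needed; no decryption and no per-initiator password store."""
    expected = _mac(_mac(shared_key, public), request)
    if not hmac.compare_digest(expected, code):
        return False
    cap, req = json.loads(public), json.loads(request)
    return req["lun"] == cap["lun"] and req["op"] in cap["rights"]

def demo() -> dict:
    key = os.urandom(32)  # key shared by authentication server and target
    # Constructed sample initiator name and LUN.
    public, private = issue_capability(key, "iqn.2001-04.com.example:host1", 0, ["read"])
    read_req = json.dumps({"op": "read", "lun": 0}).encode()
    write_req = json.dumps({"op": "write", "lun": 0}).encode()
    # The originator edits the public part to grant itself write access.
    forged = public.replace(b'["read"]', b'["read", "write"]')
    return {
        "read": target_authorize(key, public, read_req, sign_request(private, read_req)),
        "write": target_authorize(key, public, write_req, sign_request(private, write_req)),
        "tampered": target_authorize(key, forged, write_req, sign_request(private, write_req)),
        # Under this assumption, refreshing the shared key invalidates old capabilities.
        "after_refresh": target_authorize(os.urandom(32), public, read_req,
                                          sign_request(private, read_req)),
    }

if __name__ == "__main__":
    print(demo())
```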

Description

Technical field

[0001] The invention relates to the technical field of data security, in particular to an iSCSI protocol security enhancement method based on the Diffie-Hellman protocol.

Background

[0002] Currently, the iSCSI protocol mostly uses the CHAP authentication protocol to control access to storage resources. However, in CHAP authentication, the user name and password are stored on the target side in plain text, where they may be illegally obtained by insiders or hackers. In addition, this authentication method uses periodic authentication to resist channel insertion attacks, but choosing a specific period interval is usually difficult. Too long an interval leaves opportunities for intruders; too short an interval increases the amount of computation for both authenticating parties. At the same time, when fine-grained access control is to be implemented for each originator, the administrator needs to manually create a user...


Application Information

IPC(8): H04L9/32, H04L29/06
CPC: H04L9/3242, H04L9/3249, H04L9/3263, H04L63/0823, H04L63/102, H04L63/126
Inventor: 喻崇仁, 田鹏, 陕振
Owner BEIJING INST OF COMP TECH & APPL